
Business Email Compromise (BEC) is gaining momentum as a threat vector and becoming harder to detect. The growing number of data breaches each year gives threat actors more stolen data to work with, and machine speed and generative AI tools let them turn that data into personalized, targeted, and convincing attacks at scale. According to research, 70% of organizations were the target of attempted BEC attacks in the last year.

Business Email Compromise Explained

BEC attacks are a type of cybercrime where bad actors, often impersonating company executives or trusted vendors, use email to target businesses and individuals and trick organizations into transferring money or sensitive information to fraudulent accounts. These attacks are different from your everyday phishing email—they are far more targeted and often involve careful planning.

How Compromised Password and Credentials Fuel BEC Attacks

Once attackers have valid credentials, they gain unauthorized access to email accounts, making it much easier to carry out a BEC attack.

  1. Compromising Trusted Employee Accounts:
    The most dangerous part of using stolen credentials in a BEC attack is the ability to send emails from a legitimate, trusted source. Instead of faking or spoofing an email address (which might raise suspicion), bad actors now have direct access and seem completely legitimate to recipients.
  2. Email Account Takeover (ATO):
    Using credentials found on the dark web, cybercriminals can log into an employee’s email account and silently monitor their communications. From there they can study the company’s vendors, employees, and internal processes (who approves invoices, how payment details get changed) to generate highly convincing emails.
  3. Manipulation of Internal Communication:
    By gaining control of an account, attackers can change payment instructions or request sensitive information while pretending to be a legitimate colleague. Since these requests come from actual, compromised email accounts, they are much more difficult for employees to detect as fraudulent.
  4. Access to Other Accounts Leading to Data Theft:
    If the compromised credentials are reused across multiple accounts or platforms, attackers can escalate the attack beyond email. They could access shared drives, financial systems, or internal company portals. This creates a much larger security issue, as now multiple systems are exposed.

Why They Are So Effective

Passwords are one of the first lines of defense against BEC attacks. If an attacker can get hold of someone’s email password, they now have the keys to the castle.

  • They Give the Attacker Authenticity: When an email comes from an actual trusted account, it’s much harder for the victim to detect that something’s wrong. The usual signs of phishing are absent (strange email domains, typos, suspicious links).
  • They Bypass Security Filters: Many companies use email filtering or flagging systems to block suspicious messages. But when an attacker sends from a real account, these defenses are far less effective: the mail originates from the organization’s own mail system, so SPF, DKIM, and DMARC checks pass, the sender domain is the company’s own, and there are no spoofing indicators for a filter to catch.
  • They Exploit Trust: Internal company communication relies on trust. When someone receives an email from their colleague’s official email account, they are unlikely to question it. Cybercriminals exploit this trust.

The Role of AI in Enhancing BEC Attacks

With the growing use of advanced AI technologies, cybercriminals can closely mimic employee communications by analyzing previous email exchanges, making their messages harder to detect. Generative AI tools can replicate writing styles, tones, and even organization-specific terminology, letting attackers generate personalized and convincing emails that appear to come from executives or trusted colleagues. This imitation makes it exceedingly difficult for employees to tell fraudulent emails from legitimate ones, and traditional cybersecurity defenses struggle to keep up with the speed, scale, and sophistication of AI-powered BEC attacks.

Protect Against BEC Attacks Through Credential Security

Compromised credentials are a key part of how Business Email Compromise attacks succeed. They are a simple but dangerous gateway into your accounts and business: if credentials fall into the wrong hands, cybercriminals can cause serious damage, especially inside an organization.

Given the role compromised credentials play in BEC attacks, focusing on protecting login information is one of the best ways to reduce the risk. Here’s how businesses can do that:

  1. Don’t Reuse Passwords and Ensure Passwords Are Strong:
    Ensure employees use unique, complex passwords and never reuse the same password across different accounts. Research has found that 80% of people reuse passwords at work, which is exactly what lets a credential leaked from one site open a corporate mailbox.
  2. Monitor for Compromised Credentials:
    Continuously check that passwords have not been previously leaked and found on the dark web. If an employee’s credentials show up on the dark web, the company can quickly lockout or reset those passwords and prevent unauthorized access.
  3. Implement Multi-Factor Authentication (MFA):
    While not a replacement for securing credentials directly, MFA adds an extra layer of security: even with a stolen password, an attacker cannot log in without the second factor, which makes credential-based BEC attacks harder to carry out. However, even MFA is not foolproof. SMS codes and push approvals can be phished or worn down through repeated prompts, so phishing-resistant factors are preferable where available.
  4. Train Employees on Password Hygiene and Phishing Scams:
    Regularly train employees to spot suspicious emails, especially those requesting financial transactions or sensitive information.
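The screening described in step 2 can be done without ever sending the password itself to a breach-data service. The following is an added example, not Enzoic’s code or part of the original article: it implements the k-anonymity range-query scheme used by Have I Been Pwned’s Pwned Passwords API, where the client sends only the first five hex characters of the password’s SHA-1 hash, the server returns every known suffix under that prefix, and the comparison happens locally. The breach corpus here is a small constructed in-memory table standing in for the real service, so the script runs offline; the function names and the minimum-length policy are assumptions for the demo.

```python
"""Screen a candidate password against breach data without revealing it.

Added example (not Enzoic's or the article's code). Follows the k-anonymity
range-query scheme popularised by the Have I Been Pwned "Pwned Passwords"
API: the client sends only the first 5 hex characters of the SHA-1 hash,
the server replies with every suffix it knows under that prefix, and the
client does the match. The "server" below is a constructed in-memory table
so the script runs offline.
"""
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-in for a breach corpus: plaintexts as they might appear
# in a dark-web dump, with how many times each was seen. A real service
# stores only hashes; we hash these at start-up purely for the demo.
_BREACHED: Dict[str, int] = {
    "password123": 123_456,
    "Summer2024!": 4_210,
    "letmein": 98_765,
}


def _sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the digest format the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def _build_range_table() -> Dict[str, List[Tuple[str, int]]]:
    """Index breached hashes by their 5-char prefix, like the range API."""
    table: Dict[str, List[Tuple[str, int]]] = {}
    for pw, count in _BREACHED.items():
        digest = _sha1_hex(pw)
        table.setdefault(digest[:5], []).append((digest[5:], count))
    return table


_RANGE_TABLE = _build_range_table()


def range_lookup(prefix: str) -> List[Tuple[str, int]]:
    """Simulated server side: return all (suffix, count) pairs for a prefix.

    The server only ever sees these 5 characters, never the full hash and
    never the password, so a leaked query reveals nothing useful.
    """
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    return _RANGE_TABLE.get(prefix, [])


def breach_count(password: str) -> int:
    """Client side: how many times the password was seen in breaches (0 = not found)."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate_suffix, count in range_lookup(prefix):
        if candidate_suffix == suffix:
            return count
    return 0


def screen_password(password: str, min_length: int = 8) -> Tuple[bool, str]:
    """Policy decision used at password set/reset time.

    Rejects passwords that are too short or that appear in breach data; the
    caller should force a change rather than accept the password.
    """
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    hits = breach_count(password)
    if hits:
        return False, f"found in breach data {hits} times"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["password123", "letmein", "correct horse battery staple"]:
        print(f"{pw!r} -> {screen_password(pw)}")
```

Run the same check on a schedule against stored hashes (not just at reset time) and you get the continuous monitoring the step describes: a password that was fine yesterday can appear in a new dump today.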

Enzoic reduces the risk of BEC attacks by proactively securing user credentials and detecting compromised passwords. Enzoic for Active Directory continuously monitors user passwords to see if they have been compromised and delivers real-time alerts to admins when a password is found in a breach. Administrators can take prompt action by enforcing password changes, which mitigates the risk of bad actors using compromised credentials to perform BEC attacks.

Why It Matters

Compromised credentials are the lifeblood of many BEC attacks. BEC attacks can cost businesses millions of dollars, and the recovery process is painful. Attackers don’t need to rely on fake emails or sophisticated hacking techniques when they can simply log into a legitimate account. Once inside, they can carry out their schemes quietly, often going unnoticed until it’s too late. By focusing on password security and adopting robust protection measures like screening for compromised credentials, companies can drastically reduce their vulnerability to BEC attacks.


AUTHOR


Kim Jacobson

Kim oversees and develops marketing programs designed to create brand recognition and demand for cybersecurity solutions. In her free time (when she’s not chauffeuring the kids), she enjoys spending time with her family, being outside, traveling and volunteering locally.